An activist's guide to being online or using tech 
(a non-exhaustive list) 


Step One: Identifying your threat level 


The first thing to say about activists and organisers staying safe with devices 
and online is to recognise your threat level. This is not some scary nuclear 
apocalypse term, but just means identifying how likely you are to be 
scrutinised by the state. 


Everybody is likely to be subject to some scrutiny, and pretty well all software 
will invite some data gathering from mass surveillance technologies, so the 
protection you take should be proportionate to the level of threat you present. 
Therefore all of the tips here will be ranked in terms of the threat level they are 
likely to be appropriate for. More severe measures are likely to be more 
difficult to adopt, but unnecessary for most people. 


Step Two: Know that nothing is 100% safe 


The next thing to know is that nothing is 100% safe, especially on an online 
device. Someone once told me the only 100% safe communication was writing 
it down on paper, showing it to the person, then burning it - but you still don't 
know if there was a camera over their shoulder. It might sound conspiratorial 
but when the police want you they're willing to do some outrageous things to 
get you, so the best protection is always to make sure that they don't want you 
enough to make the effort worth it. 


VPN (Virtual Private Networks) 1/10 - these networks bounce your signal off 
servers in other countries. This makes it harder for surveillance to figure out 
where you are connecting your device from. A really good pay-what-you-can 
VPN is Rise Up VPN. This also allows you to watch US/Canada/wherever Netflix 
- So it's beneficial all round. 


FOSS browser 1/10 - Using Firefox, Brave, or Duck Duck Go instead of Google 
or Microsoft Edge stops some corporate snake which works with the police 
from seeing everything you search for, and offers a small amount of 
protection. These browsers are super easy to use, and run faster because they 
aren't slowed down by the weight of crappy surveillance technology. 


Password protection 1/10 - Obviously everyone should use passwords - on all 
of your devices. Using thumb prints or facial recognition to open your phone is 
less safe, as police can compel you to unlock your device this way but cannot 


demand a code or pin. Letters are better than pins, as pins can be read over 
people's shoulders. Obviously longer, more complicated passwords are better. 
We recommend using KeyPass XC as a FOSS password generator and holder 
and using anagrams of iconic lyrics from your favourite songs to open your 
devices. 


Protective browser extensions 2/10 - These can be added to your browser to 
help protect against cookies and data trackers, which are used by both the 
state and corporations to track your online activity. Privacy possum, 
Ad-blockers, and other extensions make no difference to your browsing, take 
two seconds to add, and will make all your searching more secure. 


Changing permissions 2/10 - Making sure intrusive software such as 
Facebook, Instagram or others don't have permission to access files, location, 
Or camera on your device can be an effort, but the scandals surrounding 
Instagram watching and recording the faces of users every time they open 
the app should be enough to persuade you not to enable these except for 
when you are posting. Location services on Google Maps and others are also a 
big one for this as cops can use your location to prove you were at a demo. 


Covering cameras 2/10 - Another thing that has gone pretty mainstream as a 
result of the scandals is covering up your front camera on your laptop. You can 
also get little stickers which do the same thing on your phone. We 
recommend covering both front and back cameras on all devices, particularly 
on protests. You never know who is watching. 


Posting photos 2/10 - Obviously not posting photos to social media is the 
ideal way to stay secure. However, protest photos are always going to make 
powerful images and there are lots of reasons to want to post them so taking 
steps to make them as safe as possible is important. Firstly, be very aware of 
the metadata of photos. Most phones and cameras will take note of the time 
and place that photos are taken as well as what device they were taken on 

and embed this within the code of the photo. Metadata scrubbing apps are 
fairly common and can clean this information off most photos. The other thing 
to be aware of is faces. Police will often search through posted photos from 
demonstrations to look for perpetrators to later arrest. Protect people's 
identity by using the blur photos features that come on apps like signal. Be 
wary of which app you use for this as some just add the blur as an extra layer 
which can be deleted. Our personal preference is to take a screenshot of every 
photo we want to post and then post the screenshot with metadata cleared to 
guarantee it is all one layer. 


FOSS software 3/10 - Being really aware of what software you are 
downloading onto your device and which software you are regularly using will 
help to boost your protection. In very simple terms, proprietary software is 
software created by companies, which will always have a profit motive in 
tracking your usage and selling your data. FOSS software is made 
collaboratively by communities of coders and is released for free. All FOSS 
code can be independently checked and verified to guarantee that the code 
is safe and does not leak data. Some of the most important FOSS apps are 
Signal instead of Messenger or Whatsapp, Jitsi instead of Zoom or Skype, 
Mastodon instead of Facebook Instagram or Twitter, and Protonmail instead 
of Gmail or Outlook. FOSS alternatives exist for pretty much all software, you 
can get FOSS maps, FOSS minecraft, or FOSS Word/powerpoint/publisher, so 
we recommend searching around. Please, please, please use a FOSS keyboard 
on your phone too - the keyboard that comes standard on your phone is 
owned by the company which manufactured it and just reads everything you 
put in so can see all of your passwords etc. Not idea!! 


Disappearing messages 3/10 - |t is also worth pointing out the disappearing 
messages function of apps like Signal or Snapchat. These can delete old 
sensitive messages and are good for getting rid of the spikiest stuff on your 
phone by setting the time limit for disappearing messages to a really short 
time. This means that even if you are arrested the amount of time it will take 
for the cops to break into your phone means that they won't see the worst 
stuff. Good for those sensitive photos sent to significant others too - just 


saying. 


TOR 3/10 - TOR or The Onion Router is a router which protects and 
anonymises your internet usage. A favourite for those looking to buy groceries, 
it gives you access to the dark web. The TOR app can route all of your internet 
phone usage through this - protecting you. It can be a bit clunky to use, and is 
certainly slower than non-TOR browsers so using it all of the time is not ideal, 
but when you are searching for slightly odd looking stuff it can protect your 
internet searches. 


Encrypting files 4/10 - File encryption is not too difficult and any jobs that 
require you to hold sensitive information probably requires you to encrypt files 
too. Lots of things automatically encrypt files for you like Signal, Protonmail, 
Google Drive or Whatsapp (though the last two then sell your metadata on 
anyway so it’s a bit like what was the point but oh well). Avoiding sending 
unencrypted messages or saving unencrypted sensitive files is a good way to 
create protection within your machines even if someone gets a hold of them. 
Police have decryption software to read encrypted files, but it is often slow 
and expensive so not making it worth their while is important. 


FOSS OS 5/10 - Operating systems (OS) like Windows can be a bit more 
difficult to change. Online guides can be found to help with this and | promise 
it is not as difficult as it looks as long as you have a USB. Heavier Linux 
packages like Ubuntu are very intuitive for long time Microsoft users, but 
lighter packages are safer and more secure because of the minimal apps. 
Non-Microsoft operating systems are also much better for coding, so if you 
ever wanted to learn, now is the time. 


Partitions 5/10 - |f you do want to keep Microsoft as your operating system 
but are considering picking up a FOSS alternative for protection why not do 
both? You can create partitions within your machine (provided you have 
enough memory) that means that you can load up either OS on startup. 


Burner phones 6/10 - Using a burner phone (a cheap phone which does not 
connect to wifi and was not paid for with anything which links back to you) 
makes communicating whilst on demos much safer. These phones typically 
go for about £20-£40 in a phone store, and keeping messages to a Minimum 
means you wont need to pay too much for credit. All purchases can be done in 
cash to ensure that your credit card information is not linked to the device. 
Great for picking up or selling groceries too. 


Encrypted partitions 7/10 - Using encryption software to protect partitions 
within your computer. This will make it not obvious that there is a partition 
existing on the device so that if someone goes to open the device it will not 
immediately be obvious that a partition exists. Then with the right password 
you can decrypt the partition and see what software exists there. This can be 
quite difficult to manage and still won't protect if the police put some 
hardcore decryption software into opening up your device, but its pretty good. 


Signal towers 7/10 - One way that police will use to capture the metadata of 
those at protests is to set up fake signal towers for people's 4g to connect to. 
Sometimes you can spot these on top of a police van and sometimes you can 
find them out and about. Some FOSS apps have collated the location of all of 
these that they know about if you want to have a look for them. Essentially 
what these do is harvest the metadata of all messages being sent through the 
data in the area. This means that the police can see who is sending messages 
to who, how big the messages are, where they are sent from, and when they 
are sent. If the messages aren't on encrypted software then they will also be 
able to see the content of the messages. This is why it's best to assume that 
anything sent online at a demo can be seen by the police. Never write 
anything down which you would not want read back to you in court! 


Destructive passwords 8/10 - There are some pieces of software which set up 
a second password on your device. This will, if entered, destroy all of the data 
on your device making it inaccessible even with the police's decryption tools. 
This may, however, get you in some real trouble, if you enter this into your 
device when told to open it in a police station you are likely to be charged with 
an extra offence. This is why the police rarely let you put in your password 
unsupervised now. 


Tails Drive 8/10 - |f you want to do really shady stuff then booting up from a 
tails drive off a USB gives your system excellent protection. These are really 
good - for example for hunting down fascists online without tracking. The Tails 
software can be bought, or transferred from device to device if you know 
someone already who has a tails drive and would be willing to copy it onto 
another stick for you. 


Broken phones and other devices 9/10 - So no matter how much Open 
Source Software you use, at the end of the day the device that you are using is 
likely to be proprietary. It will have been produced by a company (which will 
always have an interest in monitoring you) and built and produced in a state 
which will likely equip the device with some hardware for monitoring you. You 
can buy phones and laptops which have been taken apart and combed 
through for microchips, bugs, and microphones, or you can try doing this 
yourself (very much not recommended unless you're an expert). 


Sandboxing 9/10 - Never connecting your device to the internet, or 
downloading any apps can be a tough sell for people who actually want to use 
their device for stuff. This is however 10/10 the best way to guarantee that the 
device is safe and secure from online trackers or surveillance. Still doesn't 
protect your device if people get hold of it but nothing will. 


No device 10/10 - Can't emphasise enough how not safe modern technology 
is. lf you want to be sure, meet in person, no tech allowed - plan on burning 
the paper. Now the only loose ends are the people you're organising with, so 
make sure you trust them :) 


